WAN Switching; VLANS?

Unanswered Question
Jan 17th, 2008

We have a 3 site environment with several T1s between sites. We are replacing those T1s with a metro ethernet type switched WAN link. Our routers will be replaced with Layer 3 switches at each remote site.

My question is whether it makes sense to create a VLAN on our core central switch for each site and create VTP trunks from the core switch to the remote switches. Does this make the most sense? We also have VoIP traffic as a consideration, so we will need to segment that traffic as well.

Collin Clark Thu, 01/17/2008 - 10:30

I would say no. Layer 3 separation is a good thing. Do you have any requirements to have the VLANs out to your remote sites? That should be the driving force.


dwfrank Thu, 01/17/2008 - 12:05

No requirements, I was just thinking of this as a switched extension of our campus network. I was going to use inter-VLAN routing and create segmented networks for each location, so that I could still house the DHCP server in our datacenter for the remote sites.

We will have a 20 MB link and can afford to have a fairly long lease time to minimize DHCP traffic across the link.

Collin Clark Thu, 01/17/2008 - 12:09

Why not use IP helpers and continue to use your central DHCP server? We use two servers in the same location and hand out thousands of addresses across 20+ locations.

rsamuel708 Thu, 01/17/2008 - 17:54

So is that the primary use of IP helper addresses? I'm new to using EIGRP in my new organization and I see them used all over. The only address I see there, however, is our DNS server. Can you give a little more detail as to how the routing protocol uses these addresses?

Jon Marshall Fri, 01/18/2008 - 00:27

The addresses you are seeing should be your DHCP server addresses. These servers may well be your DNS servers as well, especially if you have an AD environment.

The routing protocol doesn't use these addresses. These addresses are used purely for DHCP clients to get an address.

What happens when a client set for DHCP boots up is that it broadcasts out for an IP address. Routers do not normally forward broadcasts onto different networks, and you usually don't want them to. So:

    vlan 10 = client vlan
    vlan 20 = server vlan
    DHCP server on vlan 20 is

So on the switch:

    int vlan 10
     ip address
     ip helper-address
    int vlan 20
     ip address

The client on vlan 10 boots up and broadcasts out for an IP address. The packet arrives at the vlan 10 interface on the L3 switch. The L3 switch then creates a unicast packet with the destination ip address of the DHCP server and forwards the request on. The DHCP server issues an IP address, returns the packet back to the L3 switch and the L3 switch forwards back to the client.

You can have more than one ip helper-address under a vlan interface and the L3 switch will forward a request on to all the addresses.

The only interaction with the routing protocol is obviously the L3 switch needs to know how to get to the DHCP server subnet. Note that in this example the DHCP server subnet is on the same switch, but it doesn't have to be, it can be routed across many subnets if that is what you want.
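The relay behaviour described in this post (and the "IP helpers" Collin suggested earlier), as an added model rather than anything from the thread or from Cisco: the SVI that hears the broadcast stamps its own address into the BOOTP giaddr field, unicasts one copy per helper, and the server uses giaddr to pick the scope and to send the OFFER back to the relay. Addresses, scopes and the MAC are constructed for the example.

```python
import struct
from typing import Optional
from ipaddress import IPv4Address, IPv4Network

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr. Options are omitted in this model.
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s")
ZERO = b"\x00" * 4

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client DHCPDISCOVER: op=1 (BOOTREQUEST), every address field zero."""
    return HDR.pack(1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO, mac.ljust(16, b"\x00"))

def relay(packet: bytes, svi_ip: str, helpers: list) -> list:
    """What 'ip helper-address' does on the SVI that received the broadcast:
    set giaddr to the SVI address (only if still zero, so a second relay hop
    does not overwrite the first), bump hops, unicast one copy per helper."""
    f = list(HDR.unpack(packet))
    f[3] += 1                                   # hops
    if f[10] == ZERO:                           # giaddr
        f[10] = IPv4Address(svi_ip).packed
    forwarded = HDR.pack(*f)
    return [(helper, forwarded) for helper in helpers]

def server_offer(packet: bytes, scopes: dict) -> Optional[tuple]:
    """Server side: giaddr tells the server which scope the client belongs to,
    and the OFFER is unicast back to giaddr (the relay), not to the client.
    Returns (destination, offer) or None when no scope matches giaddr."""
    f = list(HDR.unpack(packet))
    giaddr = IPv4Address(f[10])
    for net, free in scopes.items():
        if giaddr in IPv4Network(net) and free:
            f[0] = 2                                # BOOTREPLY
            f[8] = IPv4Address(free.pop(0)).packed  # yiaddr: the offered lease
            return (str(giaddr), HDR.pack(*f))
    return None

def yiaddr(packet: bytes) -> str:
    return str(IPv4Address(HDR.unpack(packet)[8]))

# Constructed topology matching the post: clients on vlan 10, servers on vlan 20.
SVI_VLAN10 = "10.10.10.1"
HELPERS = ["10.20.20.10", "10.20.20.11"]        # two helpers -> two unicast copies
SCOPES = {"10.10.10.0/24": ["10.10.10.50", "10.10.10.51"], "10.20.20.0/24": ["10.20.20.100"]}

if __name__ == "__main__":
    disc = build_discover(bytes.fromhex("001122334455"), 0x1234)
    copies = relay(disc, SVI_VLAN10, HELPERS)
    dest, offer = server_offer(copies[0][1], SCOPES)
    print(f"relay sent {len(copies)} unicasts; server offered {yiaddr(offer)} back via {dest}")
```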



adam.sellhorn Fri, 01/18/2008 - 06:59

For what it is worth we have a similar topology. What we do is have an Inter-site VLAN connecting all the sites with Layer 2 connectivity while running OSPF on each MLS. Then we just create VLANs per site so traffic from site to site is routed.

dwfrank Fri, 01/18/2008 - 11:42

Do you use VTP? I had planned on using per-site routed VLANs, I just wasn't sure if I could use a VTP trunk in this scenario since I have multiple networks I need to bring over to the remote sites across MPLS links (voice/data).

igor_kiselev Fri, 01/18/2008 - 11:48

It's more of a design question, with a few different ways of doing it.

The safest approach is using routed (or L3) links to better segment networks.

This not only gives good protection against broadcast storms/floods and many other unwanted Layer 2 communications, but also makes communications more future-proof. With "routed" WAN links, where you assign IP addresses directly on physical interfaces, you get better transparency and convenience, e.g. NetFlow export, some accounting, access lists, the Layer 3 QoS feature set, etc.

Just bear in mind that at some point these new WAN links become congested and you will need some QoS enforcement. This is where the tricks come in. A switch is nowhere near a router when it comes to QoS implementation. Fractional speeds like 20 Mbps on full-duplex FastE interfaces create certain difficulties for switches, where you end up with almost no QoS tools available. Routers always give you full-blown QoS support including policing, traffic shaping, LLQ and all that jazz... But switches obviously have higher, wire-speed throughput performance...
